Russian hacking to influence the election has dominated the news. But CBS News has also noticed a hacking attack that could be a future menace to the U.S. Last weekend, parts of the Ukrainian capital Kiev went dark. It appears Russia has figured out how to crash a power grid with a click.

Last December, nearly a quarter of a million people lost power in the Ivano-Frankivsk region of Ukraine when it was targeted in a similar, suspected Russian attack.

Vasyl Pemchuk is the electric control center manager, and said that when hackers took over their computers, all his workers could do was film it with their cell phones.

“It was illogical and chaotic,” he said. “It seemed like something in a Hollywood movie.”

[Image: Vasyl Pemchuk in the control center that was hacked. Credit: CBS News]

The hackers sent emails with infected attachments to power company employees, stealing their login credentials and then taking control of the grid’s systems to cut the circuit breakers at nearly 60 substations.

The suspected motive for the attack is the war in eastern Ukraine, where Russian-backed separatists are fighting against Ukrainian government forces.

But hackers could launch a similar attack in the U.S.

“We can’t just look at the Ukraine attack and go ‘oh we’re safe against that attack,’” said Rob Lee, a former cyberwarfare operations officer in the U.S. military who investigated the Ukraine attack.

[Image: Rob Lee. Credit: CBS News]

“Even if we just lose a portion, right? If we have New York City or Washington D.C. go down for a day, two days, a week, what does life look like at that point?” he said.

He said that some U.S. electric utilities have weaker security than Ukraine, and the malicious software the hackers used has already been detected in the U.S.

“It’s very concerning that these same actors using similar capabilities and tradecraft are preparing and are getting access to these business networks, getting access to portions of the power grid,” he said.

In Ukraine, they restarted the power in just hours. But an attack in the U.S. could leave people without electricity for days, or even weeks, according to experts, because, ironically, America’s advanced, automated grid would be much harder to fix.

To survive the hacking of a power grid, it’s time to stockpile food, water and medicine

Paul Harasim

LAS VEGAS REVIEW-JOURNAL

Heather Murren, the wife of Jim Murren, chairman and CEO of MGM Resorts International, doesn’t fit the stereotypical image of a survivalist or prepper.

Her hair and makeup is just so. Instead of fatigues, she prefers designer wear. She lives in a mansion, not a cave or a shack in the forest.

But when she talks about what she learned as a member of the Commission on Enhancing National Cybersecurity, what she has to say often sounds much like something we’ve generally thought of as coming from the lips of a backwoods, paranoid, tobacco chewin’, gun totin’, doomsday conspiracy theorist.

It’s time, she says, for Americans to stockpile food, water, medical supplies and other essential everyday items. She says she’s talked to representatives with the American Red Cross and urged them to get the word out to people.

The reason is simple: The nation’s electric power grid is susceptible to cyberwarfare.

Should hackers shut down much of the electrical grid and the critical infrastructure accompanying it, we would have to live for an extended period of time without much of what we now take for granted.

Forget having heat or air conditioning. Water couldn’t be pumped into most homes. ATMs, debit and credit cards wouldn’t work. There would be no banking or air traffic control or traffic lights or Internet. Pharmacies couldn’t dispense medicine. Gas stations couldn’t pump. Say adios to commerce for days or weeks or even months.

“Hacking of the power grid is a significant concern,” said Murren, appointed last year by President Obama to the commission that recently released its report to the nation.

“We can recover from a natural disaster faster than a cyberattack,” she said. “When Hurricane Sandy hit we could bring people from throughout the country to help out. But if there’s a cyberattack on the grid in that same region we couldn’t send people from other places because they all use other computer systems. They won’t know the system, what to do.”

What makes Murren’s comments all the more compelling is that they are delivered in the crisp, authoritative, unemotional tone of a Wall Street financier, which she was before moving to Las Vegas.

“Americans should be very concerned,” she stressed.

More people seem to be with each passing day. You can even find directions on the Internet about how to make the water in a swimming pool safe for drinking in an emergency.

While what commission members have to say is in the spotlight today because Russian hacking to influence the presidential election has dominated the news, the observations made on cybersecurity four years ago by then-U.S. Defense Secretary Leon Panetta are no less riveting.

“We know foreign cyberactors … are targeting the computer control systems that operate chemical, electricity and water plants … We know of specific instances where intruders have successfully gained access to these control systems. We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction and even loss of life.”

Murren said more urgency is needed toward cybersecurity, both in government and private industry.

“Technology tends to be viewed by business management as a silo,” she said. “But cyber now touches everything. New board guidelines suggest that at least one board member should have cybersecurity knowledge and that the full board should receive a presentation annually on the subject of cybersecurity. Most businesses don’t do this.”

On the other hand, she said government has too often made businesses go it alone and not played a critical role in coordinating a well-thought-out national digital security system.

She said an appropriate response by the American government to foreign-sanctioned cyberwarfare must be worked out.

“When does it constitute an act of war?” she said.

Murren said the country can’t wait any longer to enact a workable security system.

“Failures in cybersecurity leading to theft of intellectual property are extraordinarily costly … Left unchecked, it can cost us our economic strength and global leadership. Some estimates put the theft of intellectual property — airplane schematics, drug formulas, etc., at $300-$350 billion per year.”


IN AN ERA of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.

Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage ... being able to flip the switch on power generation,” says Eric Chien, a Symantec security analyst. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

The Usual Suspects

Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers' motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. “It’s highly unlikely this is just coincidental,” Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious Dragonfly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.

As Symantec's report on the new intrusions details, the company has tracked the Dragonfly 2.0 attacks back to at least December of 2015, but found that they ramped up significantly in the first half of 2017, particularly in the US, Turkey, and Switzerland. Its analysis of those breaches found that they began with spearphishing emails that tricked victims into opening a malicious attachment—the earliest they found was a fake invitation to a New Year's Eve party—or so-called watering hole attacks that compromise a website commonly visited by targets to hack victims' computers.

Those attacks were designed to harvest credentials from victims and gain remote access to their machines. And in the most successful of those cases, including several instances in the US and one in Turkey, the attackers penetrated deep enough to screenshot the actual control panels for their targets' grid operations—what Symantec believes was a final step in positioning themselves to sabotage those systems at will. "That’s exactly what you’d do if you were to attempt sabotage," Chien says. "You’d take these sorts of screenshots to understand what you had to do next, like literally which switch to flip."

And if those hackers did gain the ability to cause a blackout in the US, why did they stop short? Chien reasons that they may have been seeking the option to cause an electric disruption but waiting for an opportunity that would be most strategically useful—say, if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the US from using its own hacking capabilities against another foreign nation's critical infrastructure. "If these attacks are from a nation state," Chien says, "one would expect sabotage only in relation to a political event."

The Ukrainian Precedent

Not every group of hackers has shown that kind of restraint. Hackers now believed to be the Russian group Sandworm used exactly the sort of access to electricity control interfaces that Symantec describes Dragonfly having to shut off the power to a quarter million Ukrainians in December 2015. In one case they took over the remote help desk tool of a Ukrainian energy utility to hijack engineers' mouse controls and manually clicked through dozens of circuit breakers, turning off the power to tens of thousands of people as the engineers watched helplessly.

Operations like that one and a more automated blackout attack a year later have made Russia the first suspect in any grid-hacking incident. But Symantec notes that the hackers mostly used freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses, making any attribution more difficult. They found some Russian-language strings of code in the malware used in the intrusions, but also some hints of French. They note that either language could be a "false flag" meant to throw off investigators.

In naming the hacking campaign Dragonfly, however, Symantec does tie it to an earlier, widely analyzed set of intrusions also aimed at the US and European energy sectors, which stretched from as early as 2010 to 2014. The hackers behind that series of attacks, called Dragonfly by Symantec but also known by the names Energetic Bear, Iron Liberty, and Koala, shared many of the same characteristics as the more recent Dragonfly 2.0 attacks, Symantec says, including infection methods, two pieces of malware used in the intrusions, and energy sector victims. And both the security firm Crowdstrike and the US government have linked those earlier Dragonfly attacks with the Kremlin—a report published by the Department of Homeland Security and the FBI last December included the group on its list of known Russian-government hacking operations.

Symantec says it has assisted the power companies that experienced the deepest penetrations, helping them eject the hackers from their networks. The firm also sent warnings to more than a hundred companies about the Dragonfly 2.0 hackers, as well as to the Department of Homeland Security and the North American Electric Reliability Corporation, which is responsible for the stability of the US power grid. NERC didn't immediately answer WIRED's request for comment on Symantec's findings, but DHS spokesperson Scott McConnell wrote in a statement that "DHS is aware of the report and is reviewing it," and "at this time there is no indication of a threat to public safety."

But Symantec's Chien nonetheless warns any company that thinks it may be a target of the hackers to not only remove any malware it has identified as the group's calling card but also to refresh their staff's credentials. Given the hackers' focus on stealing those passwords, even flushing all malware out of a targeted network might not prevent hackers from gaining a new foothold if they still have employees' working logins.

The Dragonfly hackers remain active even today, Chien warns, and electric utilities should be on high alert. Given that the group has, in some form, been probing and penetrating energy utility targets for the past seven years, don't expect them to stop now.

A Bang Followed by Whimpering… and Silence

Posted on October 18, 2017 by Dymphna

Gotta love The Swamp. Now that North Korea (probably) has the capability to fire a missile into our airspace, TPTB have shut down the one governmental organization with the ability to do anything testicular to deter the Fat Boy driving the looming disaster.

Did you think NoKo is going to do something fissionable with its missiles and is going to simply try to “bomb” us? Well, it would seem that’s the intention, but the real problem is the payload on their missiles. All they need is one EMP detonated in our skies (over the East Coast, where lies most of our outdated electrical infrastructure) to send the continent back to say, 1850…and that will mean ninety percent of our population gone within six months or less. One can envision the follow-up: a leisurely walk-through by China. It would be easy-peasy to sort through the pieces of what remained of Canada and the United States.

From The Center for Security Policy [with my emphases — D]:

Inexplicably, just when we need the country’s most knowledgeable and influential minds advising about how to protect against a potentially imminent, nation-ending peril, the Congressional Electromagnetic Pulse Threat Commission is being shut down.

For seventeen years under the leadership of President Reagan’s Science Advisor, Dr. William Graham, this blue-ribbon panel has warned that we had to protect our electric grid from just the sorts of EMP attacks North Korea is now threatening to unleash upon us. Successive administrations and the electric utilities have shamefully failed to heed those warnings and take corrective action.

Consequently, we could experience on a national scale the sort of devastating, protracted blackouts now afflicting Puerto Rico. President Trump should give Dr. Graham and his team a new mandate as a presidential commission to oversee the immediate implementation of their recommendations.

This disaster happened at the end of September, while the MSM dithered away on their fiddles about the eeevil Trump. Meanwhile, two men who served on the panel appeared in front of this subcommittee to get the views of the panel into the permanent record, i.e. the Congressional Record. If/when it all goes down, their warnings will still exist, if anyone can access them after an EMP explosion:

STATEMENT FOR THE RECORD
DR. WILLIAM R. GRAHAM, CHAIRMAN
DR. PETER VINCENT PRY, CHIEF OF STAFF
COMMISSION TO ASSESS THE THREAT TO THE UNITED STATES FROM ELECTROMAGNETIC PULSE (EMP) ATTACK
U.S. HOUSE OF REPRESENTATIVES
COMMITTEE ON HOMELAND SECURITY
SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY HEARING
“EMPTY THREAT OR SERIOUS DANGER: ASSESSING NORTH KOREA’S RISK TO THE HOMELAND”

Here is an excerpt from that “Statement For the Record” [any emphases are mine — D. The footnotes, which have been omitted here, can be found in the pdf linked at the end of this post]:

During the Cold War, major efforts were undertaken by the Department of Defense to assure that the U.S. national command authority and U.S. strategic forces could survive and operate after an EMP attack. However, no major efforts were then thought necessary to protect critical national infrastructures, relying on nuclear deterrence to protect them. With the development of small nuclear arsenals and long-range missiles by new, radical U.S. adversaries, beginning with North Korea, the threat of a nuclear EMP attack against the U.S. becomes one of the few ways that such a country could inflict devastating damage to the United States. It is critical, therefore, that the U.S. national leadership address the EMP threat as a critical and existential issue, and give a high priority to assuring the leadership is engaged and the necessary steps are taken to protect the country from EMP.

By way of background, the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack was established by Congress in 2001 to advise the Congress, the President, Department of Defense and other departments and agencies of the U.S. Government on the nuclear EMP threat to military systems and civilian critical infrastructures. The EMP Commission was re-established in 2015 with its charter broadened to include natural EMP from solar storms, all manmade EMP threats, cyber-attack, sabotage and Combined-Arms Cyber Warfare. The EMP Commission charter gives it access to all relevant classified and unclassified data and the power to levy analysis upon the Department of Defense.

On September 30, 2017, the Department of Defense, after withholding a significant part of the monies allocated by Congress to support the work of the EMP Commission for the entirety of 2016, terminated funding the EMP Commission. In the same month, North Korea detonated an H-Bomb that it plausibly describes as capable of “super-powerful EMP” attack and released a technical report “The EMP Might of Nuclear Weapons” accurately describing what Russia and China call a “Super-EMP” weapon.

Neither the Department of Defense nor the Department of Homeland Security has asked Congress to continue the EMP Commission. The House version of the National Defense Authorization Act includes a provision that would replace the existing EMP Commission with new Commissioners. Yet the existing EMP Commission comprises the nation’s foremost experts who have been officially or unofficially continuously engaged trying to advance national EMP preparedness for 17 years.

And today, as the EMP Commission has long warned, the nation faces a potentially imminent and existential threat of nuclear EMP attack from North Korea. Recent events have proven the EMP Commission’s critics wrong about other highly important aspects of the nuclear missile threat from North Korea:

Just six months ago, most experts thought North Korea’s nuclear arsenal was primitive, some academics claiming it had as few as [six] A-Bombs. Now the intelligence community reportedly estimates North Korea has [sixty] nuclear weapons.

Just six months ago, most experts thought North Korea’s ICBMs were fake, or if real could not strike the U.S. mainland. Now the intelligence community reportedly estimates North Korea’s ICBMs can strike Denver and Chicago, and perhaps the entire United States.

Just six months ago, most experts thought North Korea was many years away from an H-Bomb. Now it appears North Korea has H-Bombs comparable to sophisticated U.S. two-stage thermonuclear weapons.

Just six months ago, most experts claimed North Korean ICBMs could not miniaturize an A-Bomb or design a reentry vehicle for missile delivery. Now the intelligence community reportedly assesses North Korea has miniaturized nuclear weapons and has developed reentry vehicles for missile delivery, including by ICBMs that can strike the U.S.

After massive intelligence failures grossly underestimating North Korea’s long-range missile capabilities, [its] number of nuclear weapons, warhead miniaturization, and proximity to an H-Bomb, the biggest North Korean threat to the U.S. remains unacknowledged — a nuclear EMP attack.

North Korea confirmed the EMP Commission’s assessment by testing an H-Bomb that could make a devastating EMP attack, and in its official public statement: “The H-Bomb, the explosive power of which is adjustable from tens of kilotons to hundreds of kilotons, is a multi-functional thermonuclear weapon with great destructive power which can be detonated even at high altitudes for super-powerful EMP attack according to strategic goals.”

As noted earlier, Pyongyang also released a technical report accurately describing a “Super-EMP” weapon.

Just six months ago, some academics dismissed EMP Commission warnings and even, literally, laughed on National Public Radio at the idea North Korea could make an EMP attack.

Primitive and “Super-EMP” Nuclear Weapons are Both EMP Threats

The EMP Commission finds that even primitive, low-yield nuclear weapons are such a significant EMP threat that rogue states, like North Korea, or terrorists may well prefer using a nuclear weapon for EMP attack, instead of destroying a city: “Therefore, terrorists or state actors that possess relatively unsophisticated missiles armed with nuclear weapons may well calculate that, instead of destroying a city or military base, they may obtain the greatest political-military utility from one or a few such weapons by using them — or threatening their use — in an EMP attack.”

The EMP Commission 2004 Report warns: “Certain types of relatively low-yield nuclear weapons can be employed to generate potentially catastrophic EMP effects over wide geographic areas, and designs for variants of such weapons may have been illicitly trafficked for a quarter-century.”

In 2004, two Russian generals, both EMP experts, warned the EMP Commission that the design for Russia’s Super-EMP warhead, capable of generating high-intensity EMP fields over 100,000 volts per meter, was “accidentally” transferred to North Korea. They also said that due to “brain drain,” Russian scientists were in North Korea, as were Chinese and Pakistani scientists according to the Russians, helping with the North’s missile and nuclear weapon programs. In 2009, South Korean military intelligence told their press that Russian scientists are in North Korea helping develop an EMP nuclear weapon. In 2013, a Chinese military commentator stated North Korea has Super-EMP nuclear weapons.

Super-EMP weapons are low-yield and designed to produce not a big kinetic explosion, but rather a high level of gamma rays, which generates the high-frequency E1 EMP that is most damaging to the broadest range of electronics. North Korean nuclear tests, including the first in 2006, whose occurrence was predicted to the EMP Commission two years in advance by the two Russian EMP experts, mostly have yields consistent with the size of a Super-EMP weapon. The Russian generals’ accurate prediction about when North Korea would perform its first nuclear test, and of a yield consistent with a Super-EMP weapon, indicates their warning about a North Korean Super-EMP weapon should be taken very seriously.

EMP Threat From Satellites

While most analysts are fixated on when in the future North Korea will develop highly reliable intercontinental missiles, guidance systems, and reentry vehicles capable of striking a U.S. city, the threat here and now from EMP is largely ignored. EMP attack does not require an accurate guidance system because the area of effect, having a radius of hundreds or thousands of kilometers, is so large. No reentry vehicle is needed because the warhead is detonated at high-altitude, above the atmosphere. Missile reliability matters little because only one missile has to work to make an EMP attack against an entire nation.

North Korea could make an EMP attack against the United States by launching a short-range missile off a freighter or submarine or by lofting a warhead to 30 kilometers burst height by balloon. While such lower-altitude EMP attacks would not cover the whole U.S. mainland, as would an attack at higher-altitude (300 kilometers), even a balloon-lofted warhead detonated at 30 kilometers altitude could blackout the Eastern Electric Power Grid that supports most of the population and generates 75 percent of U.S. electricity.

Or an EMP attack might be made by a North Korean satellite, right now.

A Super-EMP weapon could be relatively small and lightweight and could fit inside North Korea’s Kwangmyongsong-3 (KMS-3) and Kwangmyongsong-4 (KMS-4) satellites. These two satellites presently orbit over the United States, and over every other nation on Earth–demonstrating, or posing, a potential EMP threat against the entire world.

North Korea’s KMS-3 and KMS-4 satellites were launched to the south on polar trajectories and passed over the United States on their first orbit. Pyongyang launched KMS-4 on February 7, 2017, shortly after its fourth illegal nuclear test on January 6, that began the present protracted nuclear crisis with North Korea.

The south polar trajectory of KMS-3 and KMS-4 evades U.S. Ballistic Missile Early Warning Radars and National Missile Defenses, resembling a Russian secret weapon developed during the Cold War, called the Fractional Orbital Bombardment System (FOBS) that would have used a nuclear-armed satellite to make a surprise EMP attack on the United States.

Ambassador Henry Cooper, former Director of the U.S. Strategic Defense Initiative and a preeminent expert on missile defenses and space weapons, has written numerous articles warning about the potential North Korean EMP threat from their satellites. For example, on September 20, 2016, Ambassador Cooper wrote:

U.S. ballistic missile defense (BMD) interceptors are designed to intercept a few North Korean ICBMs that approach the United States over the North Polar region. But current U.S. BMD systems are not arranged to defend against even a single ICBM that approaches the United States from over the South Polar region, which is the direction toward which North Korea launches its satellites…This is not a new idea. The Soviets pioneered and tested just such a specific capability decades ago — we call it a Fractional Orbital Bombardment System (FOBS)…So, North Korea doesn’t need an ICBM to create this existential threat. It could use its demonstrated satellite launcher to carry a nuclear weapon over the South Polar region and detonate it…over the United States to create a high-altitude electromagnetic pulse (HEMP)…The result could be to shut down the U.S. electric power grid for an indefinite period, leading to the death within a year of up to 90 percent of all Americans — as the EMP Commission testified over eight years ago.

Here’s the website for The Oversight and Management Efficiency Subcommittee. Scroll down the list of members to see if your Congressman is on that committee. Better yet, write your own Congressman and tell him to get going on this critical issue. He doesn’t have to be a member of that subcommittee to nudge it forward. While you’re at it, send a tweet to Trump.

That commission was extant and active for seventeen years. Yet for some strange reason, it’s been disbanded now that we have two irrational actors on the world stage capable of bringing us to a neck-breaking halt.

At least Maine seems to be aware and active about the problem. Whether it’s past the initial stages of deciding what to do is hard to say, but its preliminary actions show the way forward for other states. States don’t have to wait for the Federal behemoth to move toward safety. They could even act regionally in a co-operative. This is especially important for our vulnerable northeastern corridor.

Here’s where you can find the contact information for your Congressional representative. It would be a good idea to lean on your state representatives, too. Send their assistants the pdf.